RUTC41 Firmware Downloads

Wiki mirrorView source
This page contains firmware files for RUTC41 devices. Look to the table below or the changelog to find download links.
Stable firmware - this version has been tested through both internal QA processes and large-scale user deployments. All known issues have been resolved based on user reports and testing feedback. Stable firmware is currently used as the default for updates and is also deployed in mass production. To upgrade firmware using WebUI, follow the instructions in RUTC41 Firmware.
Latest firmware - this is the most recent firmware release, featuring the latest updates, features, and fixes. While it has passed internal testing, it has not yet undergone widespread deployment or user validation. It may still contain undiscovered issues. We recommend testing on a small number of devices before considering broader updates.
Note: packages for Package Manager are independent from firmware and can be downloaded in the Package Downloads page.

FW checksums

Checksums for firmware files can be found here.

Changelog

RUTC_R_00.07.22.1 | 2026.04.13

  • Improvements
    • System
      • ustream-ssl: updated version to 2026-03-01
  • Fix
    • Services
      • IEC 60870-5 Client: fixed missing serial support validation checks
      • IEC 60870-5 Server: fixed package dependency issues and missing serial support validation checks
      • Modbus Client: fixed test requests due to missing broadcast option
      • RMS: fixed configuration permission issues that caused connection problems
    • System
      • Backup: fixed custom uci-default script execution
      • Backup: fixed ability to reset user password to device default password

RUTC_R_00.07.22 | 2026.03.25

  • New
    • Network
      • SMCroute: added support
    • Services
      • Data to Server: added webui option to toggle server certificate verification
      • DMVPN: added support for DMVPN configuration on GRE tunnels with IPv6 addressing
      • Events reporting: removed web user interface support
      • I/O Juggler: removed web user interface support
      • SNMP: added SNMP V3 users additional authentication types
    • System
      • Integrity: added functionality to verify file system integrity
      • WebUI: added Polish language support
  • Improvements
    • Network
      • DHCP server: added support for configuring multiple DHCP relay instances
      • DHCP server: added new DHCPv4 error status when parent interface has no IPv4 address
      • Dynamic routes: added mutual redirects between route status and dynamic route pages
      • Dynamic routes: improved display of OSPF routes
      • Dynamic routes: moved instance naming into edit modals for RIP
      • Firewall: improved performance across all firewall pages
      • Mobile: added a general signal quality metric, calculated from a combination of various mobile signal metrics
      • Network usage: added mutual redirects between "Connections" and "Network Usage" pages
      • Port Mirroring: added support for multiple mirror source ports
      • Ports Settings: added warning of enabled 802.1X ports
      • Starlink: added retrieval of location information
      • Wireless: enabled "Forward mesh peer traffic" by default on new mesh network
      • wireless-regdb: updated version to 2026.02.04
    • Services
      • Auto Reply: added "Signal quality" parameter support
      • AWS IoT Core: added TPM support
      • Azure IoT Hub: added TPM support
      • BGP: added IPv6 support
      • BGP: moved instance naming into edit modals
      • Data to Server: added data compression
      • Data to Server: added TPM support
      • Docker: added "Data directory" option
      • EoIP: added 'MTU' option
      • Event juggler: added HTTP URL scheme appendage if it is not defined in HTTP action
      • Event juggler: added TPM support
      • Event juggler: added "Signal quality" parameter support in output actions
      • Hotspot: reworked hotspot service
      • I/O Scheduler: removed ordinal suffixes from "From" and "To" table columns to improve localization
      • IEC 60870-5 Client: improved Information Objects tab usability and editing
      • IEC 60870-5 Client: added universal gateway support
      • IEC 60870-5 Server: added universal gateway support
      • IPsec: added additional proposal options
      • IPsec: removed duplicate proposals
      • IPsec: added automatic default route handling for route based IPsec
      • L2TPv3: improved "Cookie" and "Peer cookie" validation
      • Ledman: updated signal strength LED algorithm to use new value
      • Mobile Utilities: added "Signal quality" parameter support in status message
      • Modbus Client: added "Signal quality" parameter support in MQTT and Email actions
      • Modbus TCP over Serial Gateway: added function 43-14 (Read Device Identification) support
      • MQTT Broker: added certificate key length validation
      • MQTT Broker: added TPM support
      • MQTT Broker Bridge: added TPM support
      • MQTT Publisher: added TPM support
      • OpenVPN: improved server configuration when using a TAP device
      • OpenVPN: added 'Gateway IP address' option for bridged devices
      • PPTP: added client/server status information
      • RMS: updated the Connection Type field hint to reflect the current device connection frequency
      • SMPP: added TPM support
      • SNMP: added an option that makes ifIndex values persistent
      • Tailscale: added memory usage limitation option
      • TR-069: added input validations in set methods for nodes with read-write permissions
      • TR-069: added TR-143 based on "Issue 1 Amendment 1", with implementation-specific deviations
      • TR-069: improved Device.DHCPv4 object based on "TR-181 Issue 2 Amendment 20", with implementation-specific deviations
      • TR-069: added Device.Cellular object based on "TR-181 Issue 2 Amendment 20", with implementation-specific deviations
      • TR-069: added TPM support
      • Traffic Logging: added SFTP support for log uploading (with key support)
      • Traffic Logging: added FTPS support for log uploading
      • cURL: updated version to 8.18.0
      • EmailRelay: updated version to 2.5.2
      • FRR: updated version to 10.2.1
      • OpenVPN: updated version to 2.6.17
      • ovpn-dco: updated version to 0.2.20251017
      • Tailscale: updated version to 1.92.3
    • System
      • Access Control: added SSH, telnet and WebUI session termination support
      • Backup: improved backup to use API endpoints
      • Speed Test: implemented filters and sorting for the servers table
      • glib2: updated version to 2.87.1
      • libmodbus: updated version to v3.1.11
      • openssl: updated version to 3.0.19
  • Fix
    • Network
      • DHCP server: fixed DHCPv4 configuration page bug when parent interface has no IPv4 address
      • Topology: fixed lock functionality on touchscreen devices
      • Wireless: added an API error when multiple scans are performed at the same time
    • Services
      • BACnet: fixed BBMD interface being immediately highlighted in red
      • BGP: fixed how neighborship is displayed for BGP when VRF is used
      • Call Utilities: fixed "Switch WiFi on/off" action execution
      • DLNA: fixed interface selection not showing WLAN interfaces that are not in any bridge
      • Email to SMS: fixed email deletion in some rare cases
      • EoIP: fixed issues with EoIP over L2TP configuration
      • Hotspot: fixed inconsistent session logout after disconnecting from wireless
      • IEC 60870-5 Client: fixed an issue where negative ASDU response results in a timeout
      • IEC 60870-5 Server: fixed server network not restarting after disabling “Allow remote access” when “Cyclic transmissions” are enabled
      • IEC 60870-5 Server: fixed flow control component placement to follow dependency order
      • IPsec: fixed IKEv1 allowing unsupported proposals
      • IPsec: fixed incorrectly applied offloading bypass rules
      • IPsec: fixed display of "Enable XAUTH" switch
      • Modbus Client: fixed service being launched without any requests to send
      • Modem Control: fixed devices that support CSD not being able to access CSD options
      • NTRIP: fixed issue where status fields were flashing stale data
      • OpenVPN: fixed learn-address routing to handle IPv4/IPv6
      • OSPF: fixed firewall rule creation
      • SMS Utilities: fixed "Switch WiFi on/off" action execution
      • SNMP: fixed Event type Topology change Trap
      • SNMP: fixed setting incorrect firewall rule family option
    • System
      • Memory Expansion: fixed preserving system configuration when updating the firmware with USB memory expansion enabled
      • NTP: fixed the NTP server due to invalid packet headers
      • Package Manager: fixed IPTables NAT Extras package not migrating when updating from RutOS 7.12
      • PAM: fixed TACACS+ WebUI remote host parameter
      • Troubleshoot: fixed duplicate devices listed in the TCP dump configuration
  • CVE Patches
    • CVE-2025-11961 - 1.9 (LOW)
    • CVE-2025-12084 - 6.3 (MEDIUM)
    • CVE-2025-13836 - 9.1 (CRITICAL)
    • CVE-2025-64329 - 6.9 (MEDIUM)

RUTC_R_00.07.21.3 | 2026.03.24

  • Fix
    • System
      • Backup: fixed eSIM interface generation after uploading a backup
      • Reset Settings: fixed reset not responding

RUTC_R_00.07.21.2 | 2026.03.06

  • New
    • Network
      • Mobile: added eSIM activation through proxy server
  • Improvements
    • System
      • Site manager: added configurable DHCP option for client discovery
      • Site manager: added access control loss warning
  • Fix
    • Network
      • Network: fixed an edge-case network hang after device reboot
    • Services
      • Data to Server: fixed memory leak when using IEC 60870 5 as input and using output with custom format

RUTC_R_00.07.21.1 | 2026.02.26

  • Fix
    • System
      • Site manager: fixed missing config files in SDK

RUTC_R_00.07.21 | 2026.02.17

  • New
    • Network
      • Mobile: added "m2m" APN for "Spark M2M" operator to APN database
      • Mobile: added "iot" APN for "One NZ IOT" operator to APN database
      • MPLS: added LDP support
    • System
      • PAM: added TACACS+ external user support
      • Site manager: added site manager functionality
  • Improvements
    • Network
      • Firewall: added IPv6 masquerading support
      • Mobile: added SIM switch rule "On operator or country code"
      • Mobile: improved the default naming of network interfaces associated with eSIMs
      • Mobile: improved mobile data connection times on some cellular networks
      • Network: added IPv4 subnet conflict warning and notification
      • Wireless: added WPA2-PPSK authentication support
      • ethtool: updated version to 6.15
      • Netifd: updated version to 2025-05-23
    • Services
      • BGP: added debug option
      • Data to Server: moved "Add new" button to table header for smaller screens
      • Data to Server: added failed MQTT messages count to MQTT server to restart broker connection when threshold is reached
      • DLMS: added options for configuring the logical and short name on a COSEM value
      • DLMS: improved test requests to not freeze when running many of them at the same time
      • Event juggler: moved "Add new" button to table header for smaller screens
      • Event juggler: added support for monitoring digital output pin state
      • IPsec: added ability to specify local and remote passthrough networks
      • Modbus Client: improved test requests to not freeze when running many of them at the same time
      • Modbus Client: added tolerance and tolerance timeout options for on-change storage with threshold comparisons and periodic refresh
      • MQTT Broker: updated TLS option names
      • MQTT Broker Bridge: updated TLS option names
      • OPC UA Client: loosened data type validations, allowing more versatile data extraction
      • OPC UA Server: added support for configuring data sources, which allows exposing values from other services
      • OpenVPN: added support for generating client configuration from the server configuration
      • OSPF: added debug option
      • RIP: added debug option
      • SNMP: added multiple hosts support in Trap Settings
      • SNMP: added Data Source support
      • SNMP: added warning stating that selected Authentication type MD5 is not secure
      • SNMP: made SNMP community names hidden for unprivileged users
      • SSTP: added IPv6 support
      • TR-069: added TLS and mTLS support
      • Docker: updated version to 28.5.2
    • System
      • CLI: added opkg notice about using third-party feeds
      • NTP Client: improved initial system time accuracy when "Save time to flash" is enabled
      • Update Firmware: split firmware update page to device and modem tabs
      • Update Firmware: added latest/stable firmware option in firmware page
      • WebUI: improved search performance
      • WebUI: expanded search function to include results from available to install packages in package manager
      • WebUI: updated footer design
      • WebUI: added footer customization options for GPL builds
      • Kernel: updated version to 6.6.115
      • Kernel: updated version to 6.6.119
  • Fix
    • Network
      • DHCP server: added validation to prevent bridge and passthrough IP address usage for static leases
      • Mobile: fixed SIM PINs being kept in MNF when performing a factory reset with a SIM inserted
      • Multi AP: fixed incorrectly displayed access point enable switch state
      • Multi WAN: fixed failover not working after changing firewall settings
      • Network usage: fixed multiple issues that prevented the table from displaying
      • Static Routes: fixed applying static IPv6 routes after device restart
      • Wireless: fixed displaying associated client information when more than 270 clients are connected
    • Services
      • Azure IoT Hub: fixed timed out message re-sending in some edge cases
      • Data to Server: fixed example Lua output script not working correctly with data containing double quotes
      • DLNA: fixed interfaces not having WLAN
      • DNP3 Outstation: fixed binary output status data type in outstation data sources
      • Dynamic DNS: fixed core handling of user input for 'cloudflare.com-v4'
      • Event juggler: fixed SMS action retry functionality not working in certain cases
      • Event juggler: fixed incorrect configuration parsing
      • GRE: fixed state display when used with IPsec
      • Hotspot: fixed issues with download/upload limits
      • IEC 60870-5 Server: fixed validations when saving multiple configurations
      • IPsec: fixed firewall rule handling when instance is deleted
      • IPsec: fixed route based interface to be disabled when instance is disabled
      • IPsec: removed disabled state from "logs" and "active clients" when user has no write permissions
      • IPsec: fixed status endpoint to ignore zombie clients
      • IPsec: fixed DNS server update on connection
      • IPsec: fixed ID validation for API Post
      • Modbus Client: fixed Modbus write request function validation in Modbus TCP Client
      • Modbus Client: changed test requests to use the correct request ID
      • Modbus Client: fixed validation in Modbus Device requests, requests configuration now displays full function name
      • Modem Control: fixed flashing cached data when closing modal
      • NTRIP: fixed web interface to accept IPV6 addresses in server settings
      • OSPF: fixed interfaces not having WLAN
      • Package Manager: fixed removing orphan packages when any package dependency is not installed
      • RIP: fixed interfaces not having WLAN
      • RMS: fixed reconnection problem
      • RMS: fixed reconnection timer reset issue
      • SSTP: fixed address parsing when a URL protocol is used
      • SSTP: fixed adding routes to remote server
      • Wireguard: fixed startup after device reboot
      • Zerotier: fixed custom planet file permissions
    • System
      • JSON-RPC: fixed permissions for "file" methods
      • Profiles: excluded Data Limit and IP Block databases from profiles
      • Update Firmware: fixed possible system freezes after performing firmware update or factory reset
      • Update Firmware: fixed download from FOTA after cancelling firmware upload
      • WebUI: fixed styling of Format and Eject buttons in SD & USB Tools
  • CVE Patches
    • CVE-2025-31133 - 7.3 (HIGH)
    • CVE-2025-52565 - 8.4 (HIGH)
    • CVE-2025-52881 - 7.3 (HIGH)

RUTC_R_00.07.20.3 | 2026.01.23

  • Fix
    • Services
      • Data to Server: fixed IEC 60870 data sender plugin failing to load

RUTC_R_00.07.20.1 | 2026.01.05

  • Fix
    • System
      • Boot: fixed WAN ethernet led behaviour during boot on devices with specific hardware version
    • Services
      • DDNS-scripts: improved core handling of user input

RUTC_R_00.07.20 | 2025.12.16

  • New
    • Network
      • Mobile: added "mobileinternet.tele2.lt" APN for "Tele2" operator to APN database
      • Wireless: added support for a global installation type option for radio devices
    • Services
      • Data to Server: added IEC 60870-5 Client as an input
      • IEC 60870-5 Client: added IEC 60870-5-104 Client
      • IEC 60870-5 Server: added IEC101 and IEC104 support
    • System
      • Package Manager: added CIFS/SMBFS filesystem support
  • Improvements
    • Network
      • 802.1X Client: updated 802.1x validation so that 802.1x client can no longer be enabled on a port that is disabled
      • 802.1X Server: updated 802.1x validation so that 802.1x server can no longer be enabled on a port that is disabled
      • DHCP server: improved "DHCPv6-Mode" field's option names and hints
      • Mobile: improved log message when no primary SIM is set
      • Mobile: improved DFOTA log message when checking for updates
      • Mobile: added "Switch to next SIM" button in 'Status -> Mobile' page
      • Mobile: improved mobile data connection establishment time
      • Mobile: improved mobile connection bring up behavior when the "Service option not subscribed" error is received
      • Multi WAN: added IPv4 and IPv6 WAN interface coexistence warning
      • Network: improved "Force link" field hint
      • Network: fixed "Force link" field to respect default value when changing interface protocol
      • SSHFS: updated setting fields to be shown when service is disabled
      • SSHFS: added directory as prefix to "Mount point" field
      • ethtool: updated version to 6.10
    • Services
      • AWS IoT Core: updated orange error status to be red
      • Azure IoT Hub: updated status columns to use text badges instead of circle icons
      • Data to Server: updated input sections to be toggleable
      • Data to Server: added certificates to global certificate manager
      • Data to Server: increased the limit for Modbus data filtering entries
      • Event juggler: added certificates to global certificate manager
      • I/O Juggler: added certificates to global certificate manager
      • I/O Status: moved all custom I/O configuration from table to the edit
      • I/O Status: updated all I/O pinout and Power pinout icons
      • L2TP: improved adding custom options to the configuration
      • MQTT Broker: added certificates to global certificate manager
      • MQTT Broker Bridge: added certificates to global certificate manager
      • MQTT Publisher: added certificates to global certificate manager
      • SD & USB Tools: added additional mounting behavior options
      • SMPP: added certificates to global certificate manager
      • SNMP: added additional info to Trap message
    • System
      • Certificates: changed SCEP enrollment to try AES first and fall back to 3DES
      • RutOS: updated login banner to include internal API usage
      • Kernel: updated version to 5.15.196
  • Fix
    • Network
      • 802.1X Client: fixed incorrectly displaying port link state
      • Firewall: removed low contrast zone colors
      • Mobile: fixed SMS Limit excessive logging
      • Network: fixed PPPoE client options not being removed after switching to other protocol
      • Network: fixed routing table rules not matching interface metric order
      • Realtime Traffic: fixed traffic history not showing up in some cases
      • Realtime Traffic: fixed plot background rendering when switching between plots
      • Realtime Traffic: fixed plot popover position on Firefox 143 and later
      • Wireless: fixed authentication timeout during fast transition
      • Wireless: fixed retrieving empty cached wireless scan results
    • Services
      • Azure IoT Hub: fixed empty status hint
      • Azure IoT Hub: fixed custom Lua handlers' execution
      • DNP3 Client: fixed display issues with long request names
      • DNP3 Outstation: fixed display issues with long request names
      • Dynamic DNS: fixed bind-nsupdate method not working on multi-level subdomains
      • Event juggler: fixed HTTP action request type
      • Hotspot: fixed session data delete when deleting user
      • L2TP: fixed log display in WebUI
      • Modbus Client: fixed duplicate query parameters validation in database entries endpoint
      • Modbus Client: fixed display issues with long request names
      • Modbus Server: fixed display issues with long request names
      • MQTT Broker: fixed 'Allow persistence' option
      • OPC UA Client: fixed duplicate query parameters validation in database entries endpoint
      • OPC UA Client: fixed API error when 'server_node' option had an incorrect type in group values test endpoint
      • OpenVPN: fixed status in Static Key Authentication mode
      • OpenVPN: fixed handling of 'user' and 'group' parameters
      • RMS: fixed connection status jumping between "Connecting" and "Connected" states
      • SD & USB Tools: fixed API error when 'fs' option was not provided for safe_remove, format endpoints
      • SMS Utilities: fixed script action execution when arguments are provided
    • System
      • Certificates: fixed importing DER keys to TPM
      • RutOS: fixed respecting time zone in CLI
      • RutOS: fixed rare UCI deadlock causing system hangs
      • Speed Test: fixed selecting WAN interface when using servers with IPv6 support
      • System Users: fixed redundant /etc/group member creation
      • WebUI: fixed target area that triggers hint text
  • CVE Patches
    • CVE-2025-46394 - 3.3 (LOW)

RUTC_R_00.07.19.4 | 2025.12.05

RUTC_R_00.07.18.3 | 2025.10.30

  • Initial firmware release